/// <summary> /// Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtHeader" /> class. With the Header Parameters as follows: /// <para>{ { typ, JWT }, { alg, Mapped( <see cref="P:System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm" /> } } /// See: Algorithm Mapping below.</para> /// </summary> /// <param name="signingCredentials">The <see cref="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials" /> that will be or were used to sign the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken" />.</param> /// <remarks> /// <para>For each <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause" /> in signingCredentials.SigningKeyIdentifier</para> /// <para>if the clause is a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause" /> Header Parameter { clause.Name, clause.Id } will be added.</para> /// <para>For example, if clause.Name == 'kid' and clause.Id == 'SecretKey99'. The JSON object { kid, SecretKey99 } would be added.</para> /// <para>In addition, if the <see cref="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials" /> is a <see cref="T:System.IdentityModel.Tokens.X509SigningCredentials" /> the JSON object { x5t, Base64UrlEncoded( <see cref="M:System.Security.Cryptography.X509Certificates.X509Certificate.GetCertHashString" /> } will be added.</para> /// <para>This simplifies the common case where a X509Certificate is used.</para> /// <para>================= </para> /// <para>Algorithm Mapping</para> /// <para>================= </para> /// <para><see cref="P:System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm" /> describes the algorithm that is discoverable by the CLR runtime.</para> /// <para>The { alg, 'value' } placed in the header reflects the JWT specification.</para> /// <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundAlgorithmMap" /> contains a signature mapping where the 'value' above will be translated according to this mapping. /// <para>Current mapping is:</para> /// <para> 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' => 'RS256'</para> /// <para> 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256' => 'HS256'</para> /// </remarks> public JwtHeader(SigningCredentials signingCredentials = null) : base((IEqualityComparer <string>)StringComparer.Ordinal) { this["typ"] = (object)"JWT"; if (signingCredentials != null) { this.SigningCredentials = signingCredentials; string index = signingCredentials.SignatureAlgorithm; if (JwtSecurityTokenHandler.OutboundAlgorithmMap.ContainsKey(signingCredentials.SignatureAlgorithm)) { index = JwtSecurityTokenHandler.OutboundAlgorithmMap[index]; } this["alg"] = (object)index; if (signingCredentials.SigningKeyIdentifier != null) { foreach (SecurityKeyIdentifierClause identifierClause1 in signingCredentials.SigningKeyIdentifier) { NamedKeySecurityKeyIdentifierClause identifierClause2 = identifierClause1 as NamedKeySecurityKeyIdentifierClause; if (identifierClause2 != null) { this[identifierClause2.Name] = (object)identifierClause2.Id; } } } X509SigningCredentials signingCredentials1 = signingCredentials as X509SigningCredentials; if (signingCredentials1 == null || signingCredentials1.Certificate == null) { return; } this["x5t"] = (object)Base64UrlEncoder.Encode(signingCredentials1.Certificate.GetCertHash()); } else { this["alg"] = (object)"none"; } }
/// <summary>Encodes this instance as Base64UrlEncoded JSON.</summary> /// <returns>Base64UrlEncoded JSON.</returns> /// <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer" /> to customize JSON serialization.</remarks> public virtual string Base64UrlEncode() { return(Base64UrlEncoder.Encode(this.SerializeToJson())); }